
CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation

1d ago · 1 min read · en · News

Summary

CVE-2026-0257 is a medium-severity (CVSS 7.8) authentication bypass vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access GlobalProtect components. The flaw allows attackers to bypass security restrictions and establish unauthorized VPN connections when authentication override cookies and specific certificate configurations are enabled. Palo Alto Networks reported limited exploit attempts, while Rapid7 observed successful exploitation across numerous customers with activity starting May 17, 2026, and a second wave on May 21 by the same threat actor. In the second wave, attackers obtained VPN IP assignments after cookie authentication in two cases, granting internal network access with no observed follow-on activity. Rapid7 has urged customers to apply the vendor-supplied fixes urgently.

Key quotes

Rapid7 found successful exploitation across numerous customers with activity starting May 17, 2026 and a second wave on May 21 by the same threat actor.
In the second wave, attackers obtained VPN IP assignment after cookie authentication in two cases, granting access to internal networks, with no observed follow-on activity.
Rapid7 urged urgent patching to vendor-supplied fixes.
Snippet from the RSS feed
CVE-2026-0257 has a CVSS score of 7.8 and is a medium-severity authentication bypass affecting PAN-OS and Prisma Access. The flaw targets GlobalProtect portal and gateway components and can let attackers bypass security restrictions to establish unauthori
